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REMARKS 

Claims 1-5, and 7-14 are pending in the present application. Claim 6 has been 
canceled; and claims 1-5 and 7-14 were amended- Reconsideration of the claims is 
respectfully requested. 

Independent claims 1 s 7, 1 1, and 14 have been amended to recite a feature in 
which a determination of wheth er to establish a transmission control block for a client 
unit is made by evaluating an incremented value o f the Initial Sequence number Receiver 
side included in the ACK message, and to recite the limitation that the Initial Sequence 
number Receiver side is embedded with connection parameters as descried in the subject 
application (See Page 5, Lines 10-20; Page 12, Lines 13-20; and Page 14, Lines 3-6 and 
Lines 1 1-21), Additionally, claims 1-5 and 7-14 have been amended to correct various 
informalities in the claim language. No new matter has been introduced by the 
amendments to claims 1-5 and 7-14. 

Applicants thank the examiner for the interview on Tuesday, September 07, 2004. 
During the interview, the following points were discussed: 

L 35 U.S.C. S 102, Anticipation 

The examiner has rejected claims 1-14 under 35 U.S.C. § 102(e) as being 
anticipated by U.S. Patent No. 5,958,053 to Denker (hereinafter Denker). This rejection 
is respectfully traversed. 

With respect to this rejection, a prior art reference anticipates the claimed 
invention under 35 U.S.C. § 102 only if every element of a claimed invention is 
identically shown in that single reference, arranged as they are in the claims. In re Bond, 
910 F.2d 831, 832 5 1 5 U.S.P.Q.2d 1 566, 1567 (Fed. Cir. 1990). All limitations of the 
claimed invention must be considered when determining patentability. Tn re Lowry, 32 
F.3d 1579, 1582, 32 U.S.P.Q.2d 1031, 1034 (Fed. Cir. 1994). Anticipation focuses on 
whether a claim reads on the product or process a prior art reference discloses, not on 
what the reference broadly teaches. Kalman v. Kimberly-Clark Corp. ,713 F.2d 760, 2 1 8, 
U.S.P.Q. 781 (Fed. Cir. 1983). In this particular case, each and every feature of the 
presently claimed invention is not identically shown or described in Denker, arranged as 
they are in the claims. 
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For example, amended claim I recites the following: 

1 . (Currently Amended) A method for defeating, in a server unit of an 
Internet Protocol network, a SYN flooding attack, said server unit running 
Transmission Control Protocol to allow the establishment of one or more 
transmission control protocol connections with one or more client units, said 
method comprising the steps of: 

upon having activated the transmission control protocol in said server unit, 
listening for the receipt of a SYN message sent from a client unit; 

upon receiving said SYN message, computing an Initial Sequence number 
Receiver side, wherein said Initial Sequence number Receiver side is embedded 
with connection parameters specified in the SYN message; 

responding to said client unit with a SYN-ACK message including said 
Initial Sequence number Receiver side; 

resuming to said listening step; and 

responsive to receiving an ACK message, determining whether to 
establish a transmission control block for the client unit by evaluating an 
incremented value of the Initial Sequence number Receiver side included in the 
ACK message. 

With regard to claim 1, the Office Action states the following: 

As to independent claim 1, "A method for defeating, in a server 
unit of an IP (Internet Protocol) network, a SYN flooding attack, said 
server unit running TCP (Transport Control Protocol) to allow the 
establishment of one or more TCP connections with one or more client 
units, said method comprising the steps of: 

upon having activated TCP in said server unit:" i$ taught in c 053 col. 4, 
lines 44-55; 

"listening for the receipt of a SYN message sent from one said 
client unit" and "resuming to said listening step" is shown in col. 6> lines 
59-60; 

**upon receiving said SYN message: computing an ISR (Initial 
Sequence number Receiver side); responding to said client unit with a 
SYN-ACK message including said computed said ISR" is disclosed in col. 
4, lines 58-64. 
Office Action dated June 7, 2004, pages 2-3. 

Applicants respectfully disagree. For example, Denkcr recites the 
following: 

Tn the TCP2B protocol according to an embodiment of the present 
invention, the client requests a TCP connection with a server using a SYN 
message. The client indicates its support for the TCP2B protocol of the present 
invention using one or more bits of the TCP header (such as the OPT field).. Jn 
response to the SYNACK message indicating the server's support for TCP2B, the 
client sends an ACK message to the server. This ACK message (in addition to the 
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information required by standard TCP) includes the encoded value and repeats 
the client's requested options. The server then analyzes the encoded value in the 
ACK message to determine if it passes the appropriate mathematical (i.e., 
cryptologic) test. If the encoded value included in the ACK message passes the 
appropriate mathematical test, then the client is properly complying with the 
TCP2B protocol, and the server allocates a full Transmission Control Block in 
memory, and the connection becomes fully established, (emphasis added) 
Denker, Column 4, Lines 53-Column 5, Line 8 

Thus, the mechanism for protecting against a SYN flood attack provided by 
Denker is explicitly described as requiring information "in addition' 1 to that "required by 
standard TCP." Particularly, uxformation that is required in addition to standard TCP 
information is an "encoded value in the ACK message" that is returned to a server during 
the handshake process. Additionally, the client must indicate "its support of a" TCP 
variant, e.g., TCP2B, for the evaluation to proceed. A server then allocates a 
transmission control block in memory only after an indication that the client supports the 
TCP variant and after analyzing "the encoded value" that is transmitted to the server in 
addition to the standard TCP information. Thus, Denker fails to describe or suggest a 
mechanism for embedding an initial sequence number receiver side "with connection 
parameters specified in the SYN message" and for "deteimining whether to establish a 
transmission control block for the client unit by evaluating an incremented value of the 
Initial Sequence number Receiver side included in the ACK message" in response to 
receiving an ACK message from the client. Rather, Denker determines whether to 
establish a transmission control block for a client responsive to receiving both an 
indication that the client supports a TCP variant and an encoded value that is in addition 
to standard TCP information. 

As described in the present application, a determination of whether to 
establish a transmission control block is made by evaluating the incremented 
value of the initial sequence number receiver side (ISR) as is normally provided 
by a client running standard TCP when returning an ACK message in response to 
receiving a SYN- ACK from a server. Connection parameters are embedded in 
the initial sequence number receiver side that is provided to the client thus 
enabling the server to determine "whether to establish a transmission control 
block for the client unit by evaluating" "the Initial Sequence number Receiver 
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side" that is incremented by the client (See Page 5, Lines 10-20; Page 12, Lines 
1 3-20; and Page 14, Lines 3-6 and Lines 1 1 -21 ). Thus, the evaluation is made 
without any modification or supply of additional data by the client For example, 
Figure 4-b of the subject application shows the following: 
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As can be seen, the server pass or fails an ACK message by checking the 
ISR returned to the server by the client (step 421). Moreover, the ISR returned by 
the client is "incremented by 1. as protocol caljs for" thus facilitating SYN flood 
attack protection on a client running standard TCP (see Page 1.4, Line 3-4). Thus, 
as described and claimed by amended independent claim 1, the determination of 
whether to establish a transmission control block for the client is made by 
checking the incremented initial sequence number receiver side included in an 
ACK message provided by a client running in accordance with standard TCP. 

Amended independent claims 7, 1 1, and 14 recite similar features as amended 
claim 1 . Therefore, the same distinctions between Denker and the claimed invention in 
claim 1 apply for these claims. For the reasons described above, Denker does not contain 
all elements of independent claims 1, 7, 11 and 14. Hence, Denker fails to anticipate die 
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present invention as recited in claims 1, 7, 11 and 14. Since claims 2-5 depend from 
claim l ? claims 8-10 depend from claim 7, and claims 12-13 depend from claim 1.1, the 
same distinctions between Denker and the claimed invention in independent claims 1 , 7, 
and 11 apply for these claims. Additionally, claims 2-5, 8-10, and 12-13 claim other 
additional combinations of features not suggested by Denker. Consequently, it is 
respectfully urged that the rejection of claims 1-5 and 7-14 have been overcome. 

Therefore, the rejection of claims 1-5 and 7-14 under 35 U.S-C § 102 has 
been overcome, and such a notice is respectfully requested. 

II. Conclusion 

It is respectfully urged that the subject application is patentable over Denker and 
is now in condition for allowance. 

The examiner is invited to call the undersigned at the below-listed telephone 
number if in the opinion of the examiner such a telephone conference would expedite or 
aid the prosecution and examination of this application. 

DATE: -1c5gfottd&.f Wt 

Respectfully submitted, 




r 



Steven T. McDonald 
Reg. No. 45,999 
Yee & Associates, P.C. 



P.O. Box 802333 
Dallas, TX 75380 
(972) 367-2001 
Agent for Applicants 



Page 12 of 12 
Lambertoti et al - 09/755,564 

PAGE 14/14 * RCVD AT 9/712004 3:33:04 PM [Eastern Daylight Time] * SVR:USPT0-EFXRF-1/5 * DNIS:8729306 * CSID:9723672008 * DURATION (mm-ss):04-06 



